Introduction

Password Safe is an open source password manager available for download at Sourceforge, written in MFC/C++. This is a useful program, but I had a need to integrate the possibility to import such content to my online password manager which uses a format based on Encrypted XML.

There are many potentially creative things to do with Password Safe files, but many such ideas may be stopped by the apparent difficulty of decrypting and interpreting the database format used. This library provides an easy to use interface, patterned on the general .NET Framework readers, such as XmlReader.

Background

Read the background of Password Safe at their Web site, but briefly this originated as a product from Bruce Schneier, at Counterpane who subsequently published the source code, and it now lives an independent life at Sourceforge.

The code presented only implements a PasswordSafeReader at this time, but it should be relatively trivial to follow the general implementation pattern to make a PasswordSafeWriter. If anyone makes such a beast, I'll be happy to integrate the source.

Using the Code

The solution in the source code package contains two projects, one for the actual library, one for a simple demo and test using the NUnit framework to demonstrate usage as well as to provide a validation of the implementation.

The basic reader loop, devoid of error checking (the reader will throw InvalidDataException for a bad key or bad database format, and InvalidOperationException for an internal implementation error) can look like this:

Points of Interest

An interesting discovery when implementing this code was that I discovered a minor security flaw in the format. The database is encrypted and also protected with a keyed hash, an HMAC to ensure the integrity of the data. The problem is that the HMAC does not actually protect all the bits it should, it does not protect the format meta data, i.e. record lengths and field type codes. The real-world risk of this is low, since it is all encrypted, but it's still a flaw.

Password Safe has gone through several generations, this code implements the Version 3 format which, among other things of note, uses the Twofish block cipher for encryption. The Twofish implementation used was written by Shaun Wilde.

The source code as published here is licensed under the GPL version 3.0 - but if this is a problem for your project, in most cases I'll be happy to license it to you for free under less restrictive terms. Just send me an e-mail.

Share

About the Author

I've been working with all aspects of software development since 1979 - from compiler construction to management. Currently I'm an independent consultant mostly specializing in computer security. Please see my homepage for contact details.

I speak C like a native, and have a pretty good grasp of C++. The most recent five years C# has been the main development language. Traditionally Unix has been the dominating environment, but currently the scales have tipped over to Windows, due to market demands but I'm equally at home developing in both environments.

When I'm not coding I'm usually sitting on one of my 4 bikes, indoors or outdoors, on the road or in the woods.

Comments and Discussions

Hello,
Do you know of any replacement for the above functions?
I'm trying a port to windows mobile 5.0 which has dot net compact framework and which...you guessed it...does not have these functions implemented.
Thanks!

I sent an email to Svente, the author, but he didn't replied, and also to you, via the email option of sourceforge. I got no answer so I ask you here, is it possible I can get the source you modified?I intent to create a source project for PPC version of password safe.

The Author contacted me and I replied by sending my sources.
I did not get any message from you, so maybe it is caught up in some spam stopper program. I will send you an example project of my mobile app. (an email with link is returned)